Ransomware - Should Avast Have Blocked It?

[Undead-Divine-Assassin]

How do I do that exactly?

There are hidden nasties like this out there like this Winlock trojan we all know that, but surely if sandboxing a browser session was a solution we'd all be doing it as standard practice. In fact I thought that was what Spybot may have been doing as much with it's 'immunisation' tool.  Maybe I've misunderstood its purpose.

[CraigB]

As far as Spybot goes I agree with the others in that it is rubbish, the Real time teatimer function is also known to corrupt the functionality of avast so imo it would be best uninstalled.

[true indian]

As far as Spybot goes I agree with the others in that it is rubbish, the Real time teatimer function is also known to corrupt the functionality of avast so imo it would be best uninstalled.

Maybe that's the reason he got infected,maybe if spybot wouldnt have been there avast would have saved the day Umm 

[waking]

How do I do that exactly?

Using avast Internet security is one way to get sandboxed web browsing.

"avast! Internet Security includes all the features you need to be safe"

"Sandbox

An isolated virtual environment, so risky sites and apps cannot harm your PC."


If using avast free AV you can use Sandboxie and run your browser in it.

sandboxie DOT com

"Sandboxie runs your programs in an isolated space which prevents them from making
permanent changes to other programs and data in your computer."

[Undead-Divine-Assassin]

Thanks all for the suggestions/info.

I've not read before that Avast and Spybot are in any way incompatible. I've been using them together for over two years and prior to that with MSE. This is the first time I've been victim of a successful attack ever, in all other cases of dodgy links on web sites Avast has flagged and blocked it. If there were any contra-indications involving Avast and Spybot/T-Timer when working together surely in two years of use I would have had more trouble.   

[wyrmrider]

true indians speculations are without merit
he quotes another speculation that is also without merit, perhaps is is avast that is the corrupter as possibly with Comodo
let's try and solve problems not throw stones
MBAM works
Superantispyware also finds things (besides cookies) that MBAM does not find
so does Spybot, Spysweeper previously did also- did you see where the Webroot founder just died?
NO AV including AVAST finds everything either and there is malware out there that none of them find out of the box
The choices for a free real time Anti Spywere are very limited
and the ethics of some are very suspect

[Arnold72]

This thread demonstrates perfectly why avast should implement some form of 0-day module and not just rely on detection.

[Lisandro]

This thread demonstrates perfectly why avast should implement some form of 0-day module and not just rely on detection.

Well... It's not completely new. We have the generic signatures, heuristic analysis, autosandboxing... There are 0-day measures out there...

[Arnold72]

Avast is a fantastic av no argument there.
But maybe a HIPS module should be included and then avast would be pretty rock solid.

[polonus]

Well every resident av solution cannot do with some additional protection layers.
Many users here have non-resident MBAM and/or SAS installed to close the avast vulnerability window somewhat further.
I also have added Malwarebytres Anti-Exploit-beta to block the execution of payload of specifically zero day exploits.
Like in urlquery dot net scans, a scanner that brought this to windows scanning, 
avast could also do with additional Suricata w Emerging Threads and Snort IDS.
For instance a lot of new exploit kit code is being detected that way...
Browser security as with No Script and Request Policy add-ons is also a full proof solution against browser related code infestations.

polonus

[wyrmrider]

my spare computer is down so no MBAE for awhile  and no windows 8 either
It used to be that a free version of Spyware Doctor- PC TOOLS had a real time version...
The usual "free" version would scan but not remove
but if you downloaded from c-net you would get a version that would enable the real time version - but not the scanner
lots of bait and switch in the anti-spyware market
hard for the novice to tell what any of them really do
x2 on noscript
unfortunately my financial program is a big java program....

[polonus]

Hi wyrmrider,

That is why novices have to hang out here some time to pick up the real good and free advice how to protect their comps at minimal costs.
It can be done without additional bundled crap- and junkware and the additional semi-luring of semi-scam tools whhere scanning is OK and free,
but pay to delete what we find programs. Delete all the programs you do not use on a daily bases and keep the rest fully patched and updated,

polonus